[tor-talk] Should I warn against Tor?
Jens Lechtenboerger
tortalk at informationelle-selbstbestimmung-im-internet.de
Sat Jul 6 12:12:27 UTC 2013
On Sa, Jul 06 2013, Roger Dingledine wrote:
> On Sat, Jul 06, 2013 at 12:46:17PM +0200, Jens Lechtenboerger wrote:
>> 1. If you are using Tor, you should assume that all your network
>> traffic gets stored, analyzed, and de-anonymized by intelligence
>> agencies.
>
> I don't want to tell you to stop worrying, but depending on how much
> you think these intelligence agencies collaborate, I think the "and
> de-anonymized" phrase might be overstated. For example, I would not be
> surprised if French intelligence doesn't have enough of a reach on the
> Internet to be able to break Tor easily -- simply because they haven't
> made enough deals with enough backbone providers relative to the locations
> of big Tor relays. Maybe they trade data with England and the US, but
> then again maybe they don't (or don't trade all of it).

I don’t worry about the French too much. I don’t think that the
British need much collaboration, though.

> One of the unfortunate properties of the Internet is how it's much less
> decentralized than we'd like (and than we used to think). But there are
> still quite a few different places that you need to tap in order to have
> a good chance of beating a Tor circuit. For background, you might like:
> http://freehaven.net/anonbib/#feamster:wpes2004
> http://freehaven.net/anonbib/#DBLP:conf:ccs:EdmanS09
> and there's a third paper in this chain of research which I'm hoping
> the authors will make public soon -- stay tuned.

I’ll have a look. Thanks for the pointers.

>> 2. If you do not use Tor, you should be aware that your ISP could
>> spy on all of your network traffic, while part of it (that part
>> passing tapped IXes) gets stored and analyzed by intelligence
>> agencies.
>
> I think you're underestimating the problem here. You say "Part of my
> traffic does not need to flow through big pipes and IXes but stays in
> local, untapped regions of the Internet." I think for the typical web
> user, basically _every single page they visit_ pulls in a component that
> goes through these 'big pipes' you refer to.

Thanks for that reminder. Some of my browsers don’t do that, but
it’s easy to forget.

However, I wasn’t only thinking about the Web, but also things like
chat and ssh, which I might torify.

> In short, I think web users are in bad shape using Tor if their adversary
> is "every intelligence agency combined", but they're in way way worse
> shape when not using Tor.

I didn’t mean to imply that “combination” was necessary.

> While I'm at it -- you don't think Deutsche Telekom has a deal with
> BND where they hand over all the internal German Internet traffic they
> see?

I’m not sure about that.

> I hope the era where people say "My government is doing everything
> that has been reported in the news so far, but surely they're not doing
> anything else" is finally over, but I guess it will be a while yet.

So do I.

Best wishes
Jens